Would it be possible to make the module capable of
using an existing ssh-agent to authenticate the user?
This would be useful for commands like su and sudo.
Discussion
Anonymous - 2002-08-10
Logged In: YES
user_id=117256
I'm not sure I understand the question. Wouldn't the user need to provide a secret of some kind? Otherwise, there's no way to be sure that user added the key to the agent.
Logged In: NO
Hi!
This would be VERY useful.
> Wouldn't the user need to provide a secret of some kind?
I run ssh-agent on my Linux PDA and FORWARD it (thru ssh connection) to desktop.
This way, my private key never leaves the PDA, but can be used on desktop.
If pam_ssh could use (forwarded) ssh-agent socket, I can utilize single-sign-on only with PDA and NO PASSWORD. It would be great and I would really admire you :)
Indeed, authenticating against ssh would be handy. Take the following example:
1. log in to localhost with pam_ssh
2. ssh -A remotehost "sudo yum update"
If the remote host were also set up with pam_ssh, the agent has been forwarded (with -A), has sent a challenge request to the agent similar to what ssh does when it allows people to ssh in. Then we can sudo remotely without a password, very handy in large environments.
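
The challenge exchange described in the last comment, sketched from the verifier's side as an added example (not part of the original thread and not pam_ssh code): it frames an ssh-agent sign request over a fresh nonce and parses the agent's reply, treating any refusal or malformed frame as a denial. The function names and the choice to bind the nonce to the user and PAM service are assumptions; the caller is assumed to verify the returned signature against a public key taken from a list the user cannot edit.

```python
import os
import socket
import struct

SSH_AGENT_FAILURE = 5          # agent refused or does not hold the key
SSH_AGENTC_SIGN_REQUEST = 13   # verifier -> agent
SSH_AGENT_SIGN_RESPONSE = 14   # agent -> verifier

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def new_challenge(user: str, service: str) -> bytes:
    """Fresh 32-byte nonce bound to user and PAM service (an assumption),
    so a signature made for one request cannot be replayed for another."""
    return os.urandom(32) + ssh_string(user.encode()) + ssh_string(service.encode())

def build_sign_request(key_blob: bytes, challenge: bytes, flags: int = 0) -> bytes:
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(challenge) + struct.pack(">I", flags))
    return ssh_string(body)  # the outer frame is length-prefixed as well

def parse_sign_response(frame: bytes):
    """Return the signature blob, or None on refusal or a malformed frame."""
    if len(frame) < 5:
        return None
    (length,) = struct.unpack(">I", frame[:4])
    body = frame[4:]
    if len(body) != length or length < 5 or body[0] != SSH_AGENT_SIGN_RESPONSE:
        return None
    (sig_len,) = struct.unpack(">I", body[1:5])
    sig = body[5:]
    return sig if len(sig) == sig_len else None

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the socket")
        buf += chunk
    return buf

def sign_with_agent(sock: socket.socket, key_blob: bytes, challenge: bytes):
    """One sign request on a connected agent socket; None means deny."""
    sock.sendall(build_sign_request(key_blob, challenge))
    header = recv_exact(sock, 4)
    (length,) = struct.unpack(">I", header)
    if length == 0 or length > 256 * 1024:  # cap the untrusted length field
        return None
    return parse_sign_response(header + recv_exact(sock, length))
```

In real use the socket would be an `AF_UNIX` stream connected to the path in `SSH_AUTH_SOCK`, and `key_blob` would be the wire-format public key the verifier already trusts.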